Mobile threats are growing exponentially, as a flood of mobile devices is hitting the enterprise. If the past is anything to go by, 2013 will see an unprecedented number of threats hitting the mobile enterprise.
Over and above lost and stolen devices, there are numerous pieces of mobile malware – viruses, worms, Trojans, spyware – and more. Couple this with the BYOD phenomenon, and the result is companies being left vulnerable to attack.
Everyone owns at least one mobile device, be it a laptop, smartphone or tablet – devices that are plugged into the corporate network daily, and devices which are not often secured. If the device is infected with malware, it can compromise the entire network, or give malicious actors access to the businesses most sensitive information.
The first step to securing the mobile enterprise is establishing an effective security strategy. Establishing a firm plan can pave the way to mobile security.
CIOs and senior management are integral to policy creation and implementation. Businesses must adapt to increasing demand for mobile protection driven by the BYOD phenomenon. The mobile workforce must be addressed as it poses a whole new platform for threat management.
Businesses should begin with rigid internal policy management and ownership of devices. Many devices are still lost or stolen, and organisations should install and update a lightweight, high-performance antivirus program, and lock all devices with a password.
Organisations should also educate their staff. Passwords are non-negotiable for securing mobile devices that store valuable company data.
Strong authentication should be enforced so employees can be allowed or denied access, and mobile devices can be associated with specific users. It is important to bear in mind that mobile devices no longer connect to a single network only, but to multiple provider and Wi-Fi networks. All devices should carry software that provides total protection regardless of the network they are currently attached to.
Mobile AV can protect against direct attacks, and will also allow the remote wiping, locking, backup and tracking of the device should it be stolen or lost. All mobile devices should have the ability to be managed remotely via a centralised console.
These days, devices are most likely linked to one or more cloud applications, meaning that any data stored on the device may also end up on the cloud, outside an organisation’s control. Put enterprise applications on a cloud that can be directly accessed from employee devices.
In the next few years, tablets and smartphones will replace desktops as the main personal computing devices, and all devices will enjoy total connectivity. Data from all these interactions will be stored on the devices, and this will lead to a growing number and sophistication of threats to the mobile platform. Security vendors will have more scenarios to cover and devices to support.
This will also make the balance between security and the ease of use trickier. All solutions should be able to scan and set up the device in line with the particular businesses’ security policies. A unified approach to managing devices and policies is vital – one solution that offers full protection of mobile devices helps lower costs all round.